Sensor Configuration Page Options

Procedure

  1. Select Configure>Security>IDP>Sensor in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

    Or

    Select Configure>Security Services>IPS>Sensor in the J-Web user interface.

    The Sensor configuration page appears. Table 231 explains the contents of this page.

    Note: Starting in Junos OS Release 19.2R1, you can configure the IPS sensor in three sections: Basic Settings, Advanced Settings, and Detectors.

  2. Click one:
    • Add or +—Adds the detector configuration. Enter information as specified in Table 231.

    • Edit or /—Updates the existing detector configuration.

    • Delete or X—Deletes the existing detector configuration.

  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels your entries and returns to the main configuration page.

  4. (Junos OS Release 19.2R1 and later) Click one:
    • Save—Saves all the configuration.

      Note: For all the configuration options, the tooltip on the right side shows different icons for notifications, validation errors, and successful configuration.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels all the configuration changes you made.

Table 231: Configuring IDP Sensor Configuration Page

Columns: Field, Function, Action

Basic Settings 

Select to configure basic IPS sensor settings.

IDP Protection Mode

Protection Mode

Specifies the inspection parameters for efficient inspection of traffic in the device. The options available are:

  • DataCenter—Disables all STC traffic inspection.

  • Datacenter Full—Disables all STC traffic inspection.

  • Perimeter—Inspects all STC (Server To Client) traffic.

  • Perimeter Full—Inspects all STC traffic.

Select an option from the list.

Intelligent Inspection

| Field | Function | Action |
| --- | --- | --- |
| IDP By Pass | Provides flexibility to bypass IDP or to drop the packets when the system CPU utilization reaches a high level. | Enable or disable the IDP Intelligent Bypass option. |
| IDP By Pass CPU Threshold | Specifies the CPU utilization threshold. When CPU utilization reaches this value, IDP stops inspecting new sessions. | Enter the threshold value. Range: 0 through 99. Default value: 85. |
| IDP By Pass CPU Tolerance | Specifies the CPU tolerance value. | Enter the CPU tolerance value. Range: 1 through 99. Default value: 5. |

Intelligent Inspection

Minimizes IDP processing during system overload.

Enable or disable this option.

If you enable this option, enter the following details:

  • Ignore Content Decompression—

  • Signature Severity—Select from the list the severity level of the attack that the signature will report for IDP processing. The available options are: minor, major, and critical.

    Note: Click Clear All to clear all the selected severity values.

  • Protocols—Select from the list the protocols that need to be processed in Intelligent Inspection mode.

    Note: Click Clear All to clear all the selected protocols.

  • CPU Threshold (%)—Enter the value of CPU usage threshold percentage for intelligent inspection.

    Range: 0 through 99 percent.

  • CPU Tolerance (%)—Enter the value of CPU usage tolerance percentage for intelligent inspection.

    Range: 0 through 99 percent.

  • Memory Tolerance—Enter the value of memory tolerance percentage for intelligent inspection.

    Range: 0 through 100 percent.

  • Free Memory Threshold—Enter the value of free memory threshold percentage for intelligent inspection.

    Range: 0 through 100 percent.

  • Session Bytes Depth—Enter the value of session bytes scanning depth.

    Range: 1 through 1000000 bytes.

| Field | Function | Action |
| --- | --- | --- |
| Memory Lower Threshold | Specifies the memory lower threshold limit percentage. | Enter the memory lower threshold limit percentage. Range: 1 through 100. |
| Memory Upper Threshold | Specifies the memory upper threshold limit percentage. | Enter the memory upper threshold limit percentage. Range: 1 through 100. |

Flow

| Field | Function | Action |
| --- | --- | --- |
| Drop On Limit | Specifies that connections are dropped when resource limits are exceeded. | Enable or disable this option. |
| Drop On Failover | Specifies that traffic on HA failover sessions is dropped. | Enable or disable this option. |
| Drop If No Policy Loaded | Specifies that all traffic is dropped until the IDP policy is loaded. | Enable or disable this option. |

Packet Log

Note: Starting in Junos OS Release 19.2R1, Packet Log configuration is available.

| Field | Function | Action |
| --- | --- | --- |
| IP Address | Specifies the destination host to which the packet log is sent. | Enter the IP address of the destination host. |
| Port | Specifies the UDP port number. | Enter the UDP port number. Range: 0 through 65535. |
| Source Address | Specifies the source IP address used to transport the packet log to a host. | Enter the source IP address. |

Advanced Settings 

Select to configure advanced IPS sensor settings.

IDP Flow

| Field | Function | Action |
| --- | --- | --- |
| Log Errors | Specifies if the flow errors have to be logged. | Select an option from the list. |
| Flow FIFO Max Size | Specifies the maximum FIFO size. | Enter a value. Range: 1 through 65535. Default value is 1. |
| Hash Table Size | Specifies the hash table size. | Enter a value. Range: 1024 through 1,000,000. Default value is 1024. |
| Max Timers Poll Ticks | Specifies the maximum amount of time at which the timer ticks at a regular interval. | Enter a value. Range: 0 through 1000 ticks. Default value is 1000 ticks. |
| Reject Timeout | Specifies the amount of time in milliseconds within which a response must be received. | Enter a value. Range: 1 through 65,535 seconds. Default value is 300 seconds. |

Global

| Field | Function | Action |
| --- | --- | --- |
| Enable All Qmodules | Specifies if all the qmodules of the global rulebase IDP security policy are enabled. | Select an option from the list. |
| Enable Packet Pool | Specifies if the packet pool is enabled to be used when the current pool is exhausted. | Select an option from the list. |
| Policy Lookup Cache | Specifies if the cache is enabled to accelerate IDP policy lookup. | Select an option from the list. |
| Memory Limit Percent | Limits IDP memory usage to this percentage of available memory. | Enter a value. Range: 10 through 90 percent. |

IPS

| Field | Function | Action |
| --- | --- | --- |
| Detect Shellcode | Specifies if shellcode detection has to be applied. | Select an option from the list. |
| Ignore Regular Expression | Specifies if the sensor has to bypass DFA and PCRE matching. | Select an option from the list. |
| Process Ignore Server-to-Client | Specifies if the sensor has to bypass IPS processing for server-to-client flows. | Select an option from the list. |
| Process Override | Specifies if the sensor has to execute protocol decoders even without an IDP policy. | Select an option from the list. |
| Process Port | Specifies a port on which the sensor executes protocol decoders. | Enter an integer. Range: 0 through 65535. |
| IPS FIFO Max Size | Specifies the maximum allocated size of the IPS FIFO. | Enter an integer. Range: 1 through 65535. |
| Minimum Log Supercade | Specifies the minimum number of logs to trigger the signature hierarchy feature. | Enter an integer. Range: 0 through 65535. |

Log

| Field | Function | Action |
| --- | --- | --- |
| Cache Size | Specifies the size in bytes for each user’s log cache. | Enter a value. Range: 1 through 65,535 bytes. |
| Disable Suppression | Specifies if the log suppression has to be disabled. | Enable or disable this option. |
| Include Destination Address | Specifies that log records for events with a matching source address are combined. | Select an option from the list. |
| Max Logs Operate | Specifies the maximum number of logs on which log suppression can operate. IDP can operate on 16,384 log records by default. | Enter an integer. Range: 256 through 65,536 records. |
| Max Time Report | Specifies the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default. | Enter an integer. Range: 1 through 60 seconds. |
| Start Log | Specifies the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default. | Enter an integer. Range: 1 through 128. |

Reassembler

| Field | Function | Action |
| --- | --- | --- |
| Ignore Memory Overflow | Specifies whether per-flow memory is allowed to exceed its limit. | Select an option from the list. |
| Ignore Reassembly Memory Overflow | Specifies whether per-flow reassembly memory is allowed to exceed its limit. | Select an option from the list. |
| Ignore Reassembly Overflow | Specifies that the TCP reassembler ignores the global reassembly overflow, to prevent application traffic from being dropped. | Enable or disable this option. |
| Max Flow Memory | Specifies the maximum per-flow memory for TCP reassembly in kilobytes. | Enter an integer. Range: 64 through 4,294,967,295 kilobytes. |
| Max Packet Memory | Specifies the maximum packet memory for TCP reassembly in kilobytes. | Enter an integer. Range: 64 through 4,294,967,295 kilobytes. |
| Max Synacks Queued | Specifies the maximum limit for queuing Syn/Ack packets with different SEQ numbers. | Enter an integer. Range: 0 through 5. |

Packet Log

| Field | Function | Action |
| --- | --- | --- |
| Max Sessions | Specifies the maximum number of sessions actively conducting pre-attack packet captures on a device at one time. | Enter an integer. Range: 1 through 100 percent. |
| Total Memory | Specifies the maximum amount of memory to be allocated to packet capture for the device. | Enter an integer. Range: 1 through 100 percent. |

Detectors 

Click + and enter the following fields.

| Field | Function | Action |
| --- | --- | --- |
| Protocol | Specifies the name of the protocol to enable or disable the detector. | Select the name of the protocol from the list. |
| Tunable Name | Specifies the name of the tunable parameter to enable or disable the protocol detector for each of the services. | Select the name of the specific tunable parameter from the list. |
| Tunable Value | Specifies the value of the tunable parameter to enable or disable the protocol detector for each of the services. | Enter the protocol value of the specific tunable parameter. Range: 0 to 4294967295. |
